Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/febb18-e78a-4d12-80a2-944ce7eeb154/1/M3stNuz4pD7ZjpMskqzv9XlCj9A.roa
File:                     M3stNuz4pD7ZjpMskqzv9XlCj9A.roa (raw, json)
Hash identifier:          NMOxvF7KRmh06hpPpSGd+qY4LB/onM0QHYCbQ+IenlY=
Subject key identifier:   33:7B:2D:36:EC:F8:A4:3E:D9:8E:93:2C:92:AC:EF:F5:79:42:8F:D0
Certificate issuer:       /CN=ad5eda0a1e7479c4ca78fe41c58d17e9d13b67aa
Certificate serial:       01942521645923D40EB454FB2AC1E14585C2
Authority key identifier: AD:5E:DA:0A:1E:74:79:C4:CA:78:FE:41:C5:8D:17:E9:D1:3B:67:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rV7aCh50ecTKeP5BxY0X6dE7Z6o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/febb18-e78a-4d12-80a2-944ce7eeb154/1/M3stNuz4pD7ZjpMskqzv9XlCj9A.roa
Signing time:             Thu 02 Jan 2025 03:48:52 +0000
ROA not before:           Thu 02 Jan 2025 03:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206158
IP address blocks:        45.15.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/febb18-e78a-4d12-80a2-944ce7eeb154/1/rV7aCh50ecTKeP5BxY0X6dE7Z6o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/febb18-e78a-4d12-80a2-944ce7eeb154/1/rV7aCh50ecTKeP5BxY0X6dE7Z6o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rV7aCh50ecTKeP5BxY0X6dE7Z6o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 23:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:64:59:23:d4:0e:b4:54:fb:2a:c1:e1:45:85:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad5eda0a1e7479c4ca78fe41c58d17e9d13b67aa
        Validity
            Not Before: Jan  2 03:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=337b2d36ecf8a43ed98e932c92aceff579428fd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:68:03:ea:c1:ba:6d:df:db:42:a5:be:f3:6b:
                    d1:8f:b9:4b:9a:a9:0e:93:a8:cd:0e:53:a6:36:59:
                    e5:63:38:79:a8:e5:3f:6f:62:4b:04:83:0c:51:ac:
                    65:ee:cf:3e:4d:eb:40:d1:b2:06:3b:09:1d:82:fb:
                    6a:36:46:e3:2b:21:11:62:44:34:de:c1:99:03:05:
                    d9:c6:ac:26:73:bd:40:6d:e4:fd:e3:12:03:38:fa:
                    54:17:cb:71:7f:85:4b:ce:97:d0:ce:d2:9c:43:3d:
                    da:08:14:6f:53:62:a8:d0:b1:4a:af:53:a2:03:7c:
                    3c:05:e9:24:57:67:a5:c0:65:b4:b8:23:17:d3:6a:
                    62:3b:0a:6d:fd:bd:b3:44:f7:9b:d9:e4:8e:f6:d1:
                    c0:11:2e:ac:af:f7:84:b5:52:aa:99:0b:b2:17:52:
                    d3:75:b1:5e:60:73:11:c0:ac:9e:c7:8b:2d:2c:51:
                    fd:4a:e4:09:18:37:2d:25:9e:60:59:3d:7a:94:fc:
                    58:ea:b1:c8:3c:a9:61:1f:f0:60:9a:a0:7c:40:75:
                    14:54:6b:4b:f4:8c:1e:31:da:b0:23:1d:91:b6:c0:
                    fd:d1:67:98:2e:69:6c:72:21:80:f7:1d:66:3e:e5:
                    77:c1:7d:b1:5c:1d:79:d9:2d:f3:19:43:82:96:26:
                    b5:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:7B:2D:36:EC:F8:A4:3E:D9:8E:93:2C:92:AC:EF:F5:79:42:8F:D0
            X509v3 Authority Key Identifier:
                keyid:AD:5E:DA:0A:1E:74:79:C4:CA:78:FE:41:C5:8D:17:E9:D1:3B:67:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rV7aCh50ecTKeP5BxY0X6dE7Z6o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/febb18-e78a-4d12-80a2-944ce7eeb154/1/M3stNuz4pD7ZjpMskqzv9XlCj9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/febb18-e78a-4d12-80a2-944ce7eeb154/1/rV7aCh50ecTKeP5BxY0X6dE7Z6o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:eb:da:f6:8c:1f:fd:3e:00:8d:74:ad:5f:6d:08:45:cc:78:
         8b:7c:9e:c9:34:67:84:9b:ca:0a:69:7f:5d:dd:20:5c:bf:a6:
         c4:30:3b:e2:e0:70:b4:2f:21:c3:f2:53:92:dd:69:c2:09:ba:
         a4:9e:09:9f:2e:46:c5:00:b9:2a:06:ff:f3:69:0f:62:f2:3c:
         53:5f:42:c4:33:0e:1f:79:1f:0a:2c:91:c0:dd:4e:17:b7:9c:
         9e:ac:ea:de:11:88:45:e6:87:ee:76:6f:7d:23:47:a4:8c:9c:
         85:76:0a:61:e9:06:05:5c:1f:0c:d4:43:3b:83:19:69:e7:bb:
         63:3f:7a:c5:ba:75:41:1c:f9:e8:e4:5f:f0:96:a2:a6:df:97:
         49:fd:60:58:03:f6:83:9e:30:89:ef:f8:93:b0:8a:1f:0c:94:
         b0:a2:b0:0d:76:65:dc:f1:10:b2:5d:e2:1f:04:12:41:21:a5:
         cf:ed:26:19:5c:e1:53:ea:24:a4:78:34:93:d2:ad:97:13:6f:
         16:1c:11:c3:dd:38:e4:97:0f:db:ba:d4:4e:4a:f1:a9:65:10:
         0b:b0:a0:eb:c0:90:7c:a8:38:c9:6a:74:92:e5:32:88:e3:ca:
         ec:26:f4:7c:37:28:99:e1:40:3d:40:cd:52:4e:b0:f3:d6:a3:
         bc:8c:18:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIWRZI9QOtFT7KsHhRYXCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkNWVkYTBhMWU3NDc5YzRjYTc4ZmU0MWM1OGQxN2U5ZDEz
YjY3YWEwHhcNMjUwMTAyMDM0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzdiMmQzNmVjZjhhNDNlZDk4ZTkzMmM5MmFjZWZmNTc5NDI4ZmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWgD6sG6bd/bQqW+82vRj7lLmqkO
k6jNDlOmNlnlYzh5qOU/b2JLBIMMUaxl7s8+TetA0bIGOwkdgvtqNkbjKyERYkQ0
3sGZAwXZxqwmc71AbeT94xIDOPpUF8txf4VLzpfQztKcQz3aCBRvU2Ko0LFKr1Oi
A3w8BekkV2elwGW0uCMX02piOwpt/b2zRPeb2eSO9tHAES6sr/eEtVKqmQuyF1LT
dbFeYHMRwKyex4stLFH9SuQJGDctJZ5gWT16lPxY6rHIPKlhH/BgmqB8QHUUVGtL
9IweMdqwIx2RtsD90WeYLmlsciGA9x1mPuV3wX2xXB152S3zGUOClia1kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDN7LTbs+KQ+2Y6TLJKs7/V5Qo/QMB8GA1UdIwQY
MBaAFK1e2goedHnEynj+QcWNF+nRO2eqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclY3YUNoNTBlY1RLZVA1QnhZMFg2ZEU3WjZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9mZWJiMTgtZTc4YS00ZDEyLTgwYTIt
OTQ0Y2U3ZWViMTU0LzEvTTNzdE51ejRwRDdaanBNc2txenY5WGxDajlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9mZWJiMTgtZTc4YS00ZDEyLTgwYTItOTQ0Y2U3ZWViMTU0
LzEvclY3YUNoNTBlY1RLZVA1QnhZMFg2ZEU3WjZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ/qMA0G
CSqGSIb3DQEBCwUAA4IBAQBV69r2jB/9PgCNdK1fbQhFzHiLfJ7JNGeEm8oKaX9d
3SBcv6bEMDvi4HC0LyHD8lOS3WnCCbqkngmfLkbFALkqBv/zaQ9i8jxTX0LEMw4f
eR8KLJHA3U4Xt5yerOreEYhF5ofudm99I0ekjJyFdgph6QYFXB8M1EM7gxlp57tj
P3rFunVBHPno5F/wlqKm35dJ/WBYA/aDnjCJ7/iTsIofDJSworANdmXc8RCyXeIf
BBJBIaXP7SYZXOFT6iSkeDST0q2XE28WHBHD3Tjklw/butROSvGpZRALsKDrwJB8
qDjJanSS5TKI48rsJvR8NyiZ4UA9QM1STrDz1qO8jBhY
-----END CERTIFICATE-----